Earlier today, I’d just sat down to lunch and a client texts me that 3 of their employees just walked out. Within 5 minutes of that text -
- All the now-former employees' entry fobs had been disabled
- Their VPN & server access was disabled
- Deactivated from the company Slack
- Microsoft 365 passwords changed and all their sessions forcibly logged out.
- And had their computers not been secured upon their departure, a MDM command locking the company-owned devices would have been initiated.
This is possible because there were processes in place to handle these types of events. When an employee leaves, it's absolutely critical that their access be disabled as well - and as quickly as possible. Too often when we engage with new clients, we find that long-terminated employees still have server, VPN, email, etc accounts that are still active. I tell clients all the time, that no one is disgruntled - until they're disgruntled. And putting out fires caused by former employees abusing access that wasn't disabled on their departure is the worst way to find out what someone is capable of.
Please. . .take a few minutes and look to see who has access to your server, VPN, Microsoft/Google environment, etc and disable any accounts that no longer belong.
